==================================================

CREATED: WIN-PS-VAR-EXEC (#1898)

Description

This detector identifies PowerShell assigning the path of a malicious binary to an environment variable and then immediately executing that variable.

ATT&CK Technique T1036

==================================================

CREATED: WIN-NET-RENAMED (#1955)

Description

This detector identifies renamed instances of the Windows Net process (net.exe). Renaming the binary is used to bypass monitoring that relies on the standard file name.

ATT&CK Technique T1036
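
One way to detect a renamed net.exe, shown as an added example and not the detector's own logic: compare the file name on disk with the OriginalFileName stored in the binary's version resource. It assumes process-creation events that use the Sysmon Event ID 1 field names Image and OriginalFileName; the sample events are constructed.

```python
import ntpath

# Assumption: events use Sysmon Event ID 1 field names (Image, OriginalFileName).
# OriginalFileName comes from the PE version resource and survives a file rename.
TRACKED_ORIGINAL_NAME = "net.exe"

def is_renamed_net(event):
    """True when the binary identifies itself as net.exe but runs under another name."""
    original = (event.get("OriginalFileName") or "").strip().lower()
    if original != TRACKED_ORIGINAL_NAME:
        # Covers other binaries and events where the field is missing or "-".
        return False
    # ntpath parses Windows paths regardless of the platform running this code.
    image_name = ntpath.basename(event.get("Image") or "").lower()
    return image_name != TRACKED_ORIGINAL_NAME

def find_renamed_net(events):
    """Return the Image paths of all events flagged as a renamed net.exe."""
    return [e["Image"] for e in events if is_renamed_net(e)]

# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\net.exe", "OriginalFileName": "net.exe"},
    {"Image": r"C:\Users\Public\svc-update.exe", "OriginalFileName": "net.exe"},
    {"Image": r"C:\Windows\System32\NET.EXE", "OriginalFileName": "net.exe"},
    {"Image": r"C:\Windows\System32\notepad.exe", "OriginalFileName": "NOTEPAD.EXE"},
    {"Image": r"C:\Temp\tool.exe", "OriginalFileName": "-"},
]

if __name__ == "__main__":
    for path in find_renamed_net(SAMPLE_EVENTS):
        print("renamed net.exe:", path)
```

A rule keyed only on the Image name would miss the second event; keying on OriginalFileName catches it while leaving the legitimate and differently cased net.exe paths alone.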
